
Pairing Lightweight APs and WLCs
This section covers the process that a lightweight AP (LAP) must go through to discover and bind to a WLAN controller (WLC).
- LAPs are designed to be “touch free”: the AP itself needs no configuration before it is connected.
- You do, however, have to configure the switch port where the AP connects with the correct access VLAN, access mode and inline power settings (802.11ac Wave 2 APs generally need PoE+, 802.3at, from the switch for full operation).
- Once powered, the AP can use a variety of methods to find a viable WLC to join.
AP States
A LAP moves through a series of states, defined as part of CAPWAP, in this order:
- AP boots – Once an AP receives power, it boots a small IOS image so that it can work through the remaining states. The AP must also receive an IP address, from either a DHCP server or a static configuration, so that it can communicate over the network.
- WLC discovery – The AP finds one or more controllers that it might join.
- CAPWAP tunnel – The AP attempts to build a CAPWAP tunnel with one or more controllers. The tunnel provides a secure DTLS (Datagram TLS) channel for subsequent AP-WLC control messages. The AP and WLC authenticate each other through an exchange of digital certificates.
- WLC join – The AP selects a WLC from its list of candidates and sends it a CAPWAP Join Request. The WLC replies with a CAPWAP Join Response message.
- Download image – The WLC informs the AP of its software release. If the AP’s own software is a different release, the AP downloads a matching image from the controller, reboots to apply the new image, and then returns to step 1.
- Download config – The AP pulls its configuration parameters from the WLC. Settings include RF, SSID, security and QoS parameters.
- Run state – Once the AP is fully initialized, the WLC places it in the “run” state. The AP and WLC then begin providing a BSS and accepting wireless clients.
- Reset – If an AP is reset by the WLC, it tears down existing client associations and any CAPWAP tunnels to WLCs. The AP then reboots and starts through the entire state machine again.
If there is a chance an AP could rehome with another WLC, you should make sure that both WLCs are running the same code release. Otherwise, the AP move should happen at a planned time, like during a maintenance window. You can predownload a new release to the controller’s APs prior to rebooting the WLC.
Discovering a WLC
To discover a WLC, an AP sends a CAPWAP Discovery Request either as a unicast to a controller’s IP address or as a broadcast on the local subnet, over UDP port 5246 (the CAPWAP control port; CAPWAP data uses UDP 5247). If a controller exists at that address, it returns a CAPWAP Discovery Response to the AP. Several discovery methods are used, in the following sequence:
- The AP broadcasts a CAPWAP Discovery Request on its local wired subnet. Any WLCs on the subnet answer with a CAPWAP Discovery Response.
- An AP can be “primed” with up to three controllers: a primary, a secondary and a tertiary. These are stored in NVRAM so that the AP remembers them after a reboot. Otherwise, if an AP has previously joined a WLC, it may have stored up to 8 out of a list of 32 WLC addresses that it received from the last controller it joined. The AP attempts to contact as many controllers as possible to build a list of candidates.
- The DHCP server that supplies the AP’s IP address can also send DHCP option 43 to suggest WLC addresses.
- The AP attempts to resolve the name CISCO-CAPWAP-CONTROLLER.localdomain with a DNS request (where localdomain is the domain name learned from DHCP). If the name resolves to an IP address, the AP attempts to contact a WLC at that address.
- If none of the steps has been successful, the AP resets itself and restarts the discovery process.
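The Discovery Request/Response exchange described above is the one part of the AP-WLC conversation that travels in cleartext: DTLS is only negotiated afterwards, before the Join Request. That makes it easy to inspect on UDP 5246, and the following added example (not from the page or from Cisco) builds and parses a constructed discovery exchange using the IETF-standard CAPWAP header and message elements from RFC 5415. The Discovery Type element records how the AP learned the controller address (static, DHCP, DNS or referral), and each CAPWAP Control IPv4 Address element in the response carries the number of APs that controller already serves, which is the figure the AP uses to pick the least-loaded candidate. The packet bytes, controller names and addresses are constructed for the example; Cisco vendor-specific elements are not decoded.

```python
import struct
from ipaddress import IPv4Address

# CAPWAP control message types (RFC 5415, section 4.5.1.1). With the IETF enterprise
# number (0) the 32-bit Message Type field carries the value directly.
MESSAGE_TYPES = {
    1: "Discovery Request", 2: "Discovery Response",
    3: "Join Request", 4: "Join Response",
    5: "Configuration Status Request", 6: "Configuration Status Response",
    13: "Echo Request", 14: "Echo Response",          # the keepalives used in the run state
    15: "Image Data Request", 16: "Image Data Response",
    17: "Reset Request", 18: "Reset Response",
    19: "Primary Discovery Request", 20: "Primary Discovery Response",
}
# Message element types used here (RFC 5415, section 4.6).
ME_AC_NAME, ME_CONTROL_IPV4, ME_DISCOVERY_TYPE = 4, 10, 20
DISCOVERY_TYPES = {0: "Unknown", 1: "Static Configuration", 2: "DHCP", 3: "DNS", 4: "AC Referral"}

def build_control(msg_type, seq, elements):
    """Build a CAPWAP control packet: 8-byte CAPWAP header, 8-byte control header, elements."""
    body = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in elements)
    # 24 bits after the preamble: HLEN(5) RID(5) WBID(5) T F L W M K flags(3).
    # HLEN is in 4-byte words; WBID 1 = IEEE 802.11; no flags set, so no optional fields.
    word = (2 << 19) | (0 << 14) | (1 << 9)
    header = bytes([0]) + word.to_bytes(3, "big") + struct.pack("!HH", 0, 0)  # preamble, word, frag id, frag offset
    # Msg Element Length counts every byte after the Seq Num field (its own 2 bytes + flags + elements).
    control = struct.pack("!IBHB", msg_type, seq, len(body) + 3, 0)
    return header + control + body

def parse_control(packet):
    """Parse the UDP 5246 payload of a cleartext CAPWAP control packet into header fields and elements."""
    if packet[0] >> 4 != 0:
        raise ValueError("not CAPWAP version 0")
    if packet[0] & 0x0F != 0:  # preamble type 1 means a DTLS record follows, not a CAPWAP header
        raise ValueError("DTLS-protected CAPWAP; discovery is the only cleartext exchange")
    hdr_len = ((int.from_bytes(packet[1:4], "big") >> 19) & 0x1F) * 4
    if len(packet) < hdr_len + 8:
        raise ValueError("truncated CAPWAP header")
    msg_type, seq, me_len, _flags = struct.unpack_from("!IBHB", packet, hdr_len)
    end = hdr_len + 5 + me_len
    if len(packet) < end:
        raise ValueError("truncated control message")
    body, elements, off = packet[hdr_len + 8:end], [], 0
    while off + 4 <= len(body):
        t, l = struct.unpack_from("!HH", body, off)
        value = body[off + 4:off + 4 + l]
        if len(value) != l:
            raise ValueError("truncated message element")
        elements.append((t, value))
        off += 4 + l
    return {"type": msg_type, "name": MESSAGE_TYPES.get(msg_type, f"type {msg_type}"),
            "seq": seq, "elements": elements}

def decode_discovery(parsed):
    """Pull out the fields that matter for controller selection."""
    info = {"name": parsed["name"], "controllers": []}
    for t, v in parsed["elements"]:
        if t == ME_DISCOVERY_TYPE and len(v) == 1:
            info["discovery_type"] = DISCOVERY_TYPES.get(v[0], "reserved")
        elif t == ME_AC_NAME:
            info["ac_name"] = v.decode("utf-8", "replace")
        elif t == ME_CONTROL_IPV4 and len(v) == 6:       # 4-byte address + 16-bit WTP (AP) count
            info["controllers"].append((str(IPv4Address(v[:4])), struct.unpack("!H", v[4:])[0]))
    return info

def least_loaded(responses):
    """From decoded Discovery Responses, return the control address serving the fewest APs."""
    candidates = [c for r in responses for c in r["controllers"]]
    return min(candidates, key=lambda c: c[1])[0] if candidates else None

# Constructed sample exchange (not a real capture): an AP that learned its controller from
# DHCP option 43 sends a Discovery Request; two hypothetical WLCs answer with their AP counts.
DISCOVERY_REQUEST = build_control(1, 0, [(ME_DISCOVERY_TYPE, bytes([2]))])
RESPONSE_WLC1 = build_control(2, 0, [(ME_AC_NAME, b"WLC1"),
                                     (ME_CONTROL_IPV4, IPv4Address("10.1.1.10").packed + struct.pack("!H", 250))])
RESPONSE_WLC2 = build_control(2, 0, [(ME_AC_NAME, b"WLC2"),
                                     (ME_CONTROL_IPV4, IPv4Address("10.1.1.11").packed + struct.pack("!H", 40))])

def demo():
    request = decode_discovery(parse_control(DISCOVERY_REQUEST))
    responses = [decode_discovery(parse_control(p)) for p in (RESPONSE_WLC1, RESPONSE_WLC2)]
    return request, least_loaded(responses)

if __name__ == "__main__":
    request, chosen = demo()
    print(request["name"], "- controller learned via", request["discovery_type"])
    print("least-loaded candidate:", chosen)
```

Because nothing in this exchange is authenticated, a host on the AP's subnet can answer a broadcast Discovery Request with a response of its own; the certificate exchange in the DTLS handshake that follows is what stops the AP from actually joining a rogue controller, which is why that handshake, not discovery, is the trust boundary.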
If the AP and the controllers lie on different subnets, you can configure the local router to relay broadcast Discovery Requests on UDP port 5246 to specific controller management addresses. The forward-protocol command is needed because 5246 is not in the set of UDP ports that IOS relays by default:
router(config)# ip forward-protocol udp 5246
router(config)# interface vlan number
router(config-if)# ip helper-address WLC1-MGMT-ADDR
router(config-if)# ip helper-address WLC2-MGMT-ADDR
Maintaining WLC Availability
- If a controller carrying 1000 APs fails, all 1000 APs must detect the failure, discover other controllers, and then select the least-loaded one to join. During that time, wireless clients can be left stranded with no connectivity.
- The most deterministic approach is to configure the primary, secondary and tertiary controller fields in every AP.
- Once an AP joins a controller, it sends keepalive messages to the controller over the wired network. By default, keepalives are sent every 30 seconds. If a keepalive is not answered, the AP escalates by sending four more keepalives at 3-second intervals. If the controller still does not answer, the AP presumes that it has failed and moves quickly to find a successor to join.
- Using the default values, an AP can detect a controller failure in 35 s. Using the minimum timer values, failure can be detected in only 6 s.
- WLCs also support high availability with stateful switchover (SSO) redundancy. One controller takes the active role and the other sits in hot standby. The APs only need to know the active primary controller.
- The active unit keeps CAPWAP tunnels, AP states, client states, configuration and image files in sync with the hot standby unit, including the state of each associated client that is in the RUN state. If the active controller fails, the standby already has the current state information for each AP and client, making the failover transparent to end users.
AP Modes
From the WLC, you can configure a lightweight AP to operate in one of the following modes:
- Local – The default lightweight mode that offers one or more functioning BSSs on a specific channel. During times when it is not transmitting, the AP scans the other channels to measure the level of noise, measure interference, discover rogue devices, and match against IDS events.
- Monitor – The AP does not transmit at all, but its receiver is enabled so that it acts as a dedicated sensor. The AP checks for IDS events, detects rogue access points, and determines the position of stations for location-based services.
- FlexConnect – An AP at a remote site can locally switch traffic between an SSID and a VLAN if its CAPWAP tunnel to the WLC is down and it is configured to do so.
- Sniffer – An AP dedicates its radios to receiving 802.11 traffic from other sources, much like a sniffer or packet capture device. The captured traffic is forwarded to a PC running network analyzer software such as LiveAction Omnipeek or Wireshark, where it can be analyzed further.
- Rogue detector – An AP dedicates itself to detecting rogue devices by correlating MAC addresses heard on the wired network with those heard over the air. Rogue devices are those that appear on both networks.
- Bridge – An AP becomes a dedicated bridge (point-to-point or point-to-multipoint) between two networks. Two APs in bridge mode can link two locations separated by a distance. Multiple APs in bridge mode can form an indoor or outdoor mesh network.
- Flex+Bridge – FlexConnect operation is enabled on a mesh AP.
- SE-Connect – The AP dedicates its radios to spectrum analysis on all wireless channels. You can remotely connect a PC running software such as MetaGeek Chanalyzer or Cisco Spectrum Expert to the AP to collect and analyze the spectrum data and discover sources of interference.
A LAP is normally in local mode when it is providing BSSs and allowing client devices to associate to wireless LANs. When an AP is configured to operate in any of the other modes, local mode (and therefore its BSSs) is disabled.
Other useful information:
- Full ENCOR Course
- CCNP Enterprise Certificate Information
- 350-401 ENCOR Exam Questions and Solutions
- 350-401 ENCOR Exam Topics